← Back

Wpchill

wpchill

46 CVEs • 18 products

Products (18)

Click to collapse
Toggle
Download Monitor
download_monitor
12 CVEs
Strong Testimonials
strong_testimonials
6 CVEs
Modula Image Gallery
modula_image_gallery
5 CVEs
Check & Log Email
check_&_log_email
3 CVEs
Remove Footer Credit
remove_footer_credit
3 CVEs
Passster
passster
3 CVEs
Gallery Photoblocks
gallery_photoblocks
2 CVEs
Cpo Shortcodes
cpo_shortcodes
2 CVEs
Kb Support
kb_support
1 CVE
Rsvp And Event Management
rsvp_and_event_management
1 CVE
Customizable Wordpress Gallery Plugin Modula Image Gallery
customizable_wordpress_gallery_plugin_-_modula_image_gallery
1 CVE
Mashshare
mashshare
1 CVE
Cpo Content Types
cpo_content_types
1 CVE
Brilliance
brilliance
1 CVE
Simple Restrict
simple_restrict
1 CVE
Image Photo Gallery Final Tiles Grid
image_photo_gallery_final_tiles_grid
1 CVE
Optimize Images Alt Text (alt Tag) & Names For Seo Using Ai
optimize_images_alt_text_(alt_tag)_&_names_for_seo_using_ai
1 CVE
Htaccess File Editor
htaccess_file_editor
1 CVE

CVEs (46)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-36920
1Wpchill
1Download Monitor
Nov 21, 2024
Jan 14, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
CVE-2021-24786
1Wpchill
1Download Monitor
May 22, 2025
Jan 3, 2022
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue
CVE-2021-24908
1Wpchill
1Check & Log Email
Nov 21, 2024
Nov 29, 2021
N/A· v4
6.1 MEDIUM· v3
2.6 LOW· v2
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
CVE-2021-24774
1Wpchill
1Check & Log Email
Nov 21, 2024
Oct 25, 2021
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues
CVE-2020-9003
1Wpchill
1Modula Image Gallery
Dec 15, 2025
Feb 20, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScri...Show more
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.Show less
CVE-2020-8549
1Wpchill
1Strong Testimonials
Nov 21, 2024
Feb 3, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.